字幕列表 影片播放 列印英文字幕 - [Narrator] Delivering millions of COVID-19 vaccines involves distribution centers, refrigerated trucks and cold storage facilities. And each of these could be a target for hackers. - COVID has been just a golden opportunity for cyber criminals and they've taken full advantage of it. - [Narrator] Since the start of the pandemic, there have been attempts to scam individuals and businesses for money, as well as steal vaccine research or hold data ransom for a payment. And a week before the first vaccinations in the world began in the UK, INTERPOL warned that criminal organizations were planning to infiltrate and disrupt the vaccine supply chain. Hackers are looking for a way to tamper with the distribution. The cold chain network that enables the delivery of temperature sensitive COVID-19 vaccines, like the one developed by Pfizer and BioNTech, that has to be kept at -70 degrees Celsius. - The payoffs are really big. The people that are doing it are increasingly sophisticated. - [Narrator] So are hackers targeting the vaccine rollout and is there a way to stop them? Hackers have been honing their skills for years by going after hospitals. - The average hospital doesn't have very good cybersecurity. Criminals are eager to take advantage of the concern that the virus has raised. - [Narrator] Jim Lewis leads a cybersecurity team into a Washington based think tank. He says the easiest tool for hackers is phishing. - You send an email out to a hundred people, the odds are very good that two of them will click on it. What the COVID vaccine creates is the opportunity to do this on a massive scale and that means you can ask for a massive ransom. - [Narrator] If someone clicks on a malicious link or opens an attachment, the person may be prompted to download malware or enter login details, giving the attacker access to the network and its data. During the pandemic, phishers setup bait with emails sent to hospitals about COVID-19 prevention and setting up pandemic funds. And now that the vaccines are on their way, hackers are taking on new identities to infiltrate cold chain companies, like ones that manufacture solar panels to power refrigerators or IT firms that support biotech and pharmaceutical clients. - I think the messages were very specifically crafted to get people at these companies to respond but in general, this whole problem of Corona virus being a lure for scammers is huge. - [Narrator] IBM recently tracked down a phishing campaign that targeted a variety of these companies. The hacker was disguised as a project manager from the Chinese company, Haier Biomedical which, his website says, is the world's only complete cold chain provider. The writer said it would send an advance payment of around $220,000. The message went on to ask that the reader review the attached draft contract, which is actually a malicious attachment. IBM says it's unclear if any victims clicked on the file and fell for this scam and doesn't know which nation state might be behind it. If there were any victims, IBM says the harvested credentials could give the hacker insight into internal communications as well as methods and plans to distribute the COVID-19 vaccine. Haier Biomedical says it condemns the perpetrators of the phishing email and is working with international organizations to ensure that these incidents don't deter the fight against the pandemic. But if hackers do successfully access the system, they can encrypt the data, making it unreadable. This can happen to logistics companies responsible for delivering the vaccine. - And so you could imagine a locking up the supply chain, locking up distribution codes, or locking the trucks and saying, unless you pay, you won't be able to deliver. - [Narrator] But some systems in the cold chain would be harder to hack. - Yeah, the actual operation of a refrigerator, that would be a specialized operating system and that would be configured in a way that was unusual so they have to figure out how they work. - [Narrator] So what's more likely to happen is that hackers will go after low hanging fruit. - They're already making tons of money just hitting standard windows operating machines. So if you were working for a refrigeration company, I'd be worried about the sort of the back office equipment that the salespeople use, the laptops and the desktops and maybe some of the servers. - [Narrator] After all, according to a survey by a healthcare IT consultant, 80% of health professionals say their hospitals still use legacy systems, such as Windows 2008. - You need to do basic cyber hygiene which includes training, two factor authentication, making sure your patches and updates are installed, but on top of that, you need to back up your data and think about how you're gonna use cloud services. - [Narrator] But given the high stakes of getting more people vaccinated, no amount of drills may prepare the cold chain for the months to come. - This has changed from efforts to steal the formula, to efforts to blackmail people about distribution. So we're seeing the cyber crime evolve when it comes to COVID.